[Bug]: Issue with multiple aws_cloudformation_stack_instances resources on the same aws_cloudformation_stack_set, but with different regions or OUs

[JorisBoelen-TomTom]

Terraform Core Version

1.9.8

AWS Provider Version

5.76.0

Affected Resource(s)

• aws_cloudformation_stack_instances

Expected Behavior

When deploying multiple aws_cloudformation_stack_instances resources that point to the same aws_cloudformation_stack_set, but have a different value for the parameter regions or organizational_unit_ids, I would expect the resources to only require an update if the value changes, not on each terraform plan/apply

Use case is to deploy a Cloud Formation StackSet to only 1 region for certain accounts, but to multiple regions for other accounts.

Or to deploy a StackSet to all accounts in 1 OU, and only to a limited set of accounts in another OU.

It's not clear to me whether this is a bug, a limitations from AWS or a misunderstand from my side.

Actual Behavior

Initially the resources are created correctly. But on every terraform plan/apply it marks the regions or organizational_unit_ids parameters as being modified, requiring an update of the resource.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

Example 1: multiple aws_cloudformation_stack_instances resources, but for different regions.

resource "aws_cloudformation_stack_set" "this" {
  name                    = var.cloudformation_stack_set_name
  ...
}

resource "aws_cloudformation_stack_instances" "one" {
  stack_set_name = aws_cloudformation_stack_set.this.name
  regions                = ["eu-west-1"]
  ...
}

resource "aws_cloudformation_stack_instances" "two" {
  stack_set_name = aws_cloudformation_stack_set.this.name
  regions                = ["eu-west-1", "eu-central-1"]
}

Example 2: multiple aws_cloudformation_stack_instances resources, but for different OUs.

resource "aws_cloudformation_stack_set" "this" {
  name                    = var.cloudformation_stack_set_name
  ...
}

resource "aws_cloudformation_stack_instances" "one" {
  stack_set_name = aws_cloudformation_stack_set.this.name
  regions                = ["eu-west-1" "eu-central-1"]

  deployment_targets {
    organizational_unit_ids = ["ou-1234"]
  }
  ...
}

resource "aws_cloudformation_stack_instances" "two" {
  stack_set_name = aws_cloudformation_stack_set.this.name
  regions                = ["eu-west-1", "eu-central-1"]

  deployment_targets {
    organizational_unit_ids = ["ou-1235"]
    account_filter_type = "DIFFERENCE"
    accounts = ["1111111", "222222"]
  }
}

Steps to Reproduce

• Create terraform configuration file as above snippet
• Run terraform apply
• Do not modify the files
• Run terraform apply again, updates are needed to resources

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

No

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.